ukraine (62)

The Sandworm Group, a Russian-based APT, which recently made headlines after its botnet of machines infected with Cyclops Blink malware was taken down by the US Department of Justice, has been busy crafting attacks targeting the Ukrainian power grid.  The Computer Emergency Response Team of Ukraine (CERT-UA) had to step in and take action to thwart the attack on the country’s energy facilities.  Blame for the attack has been placed on Sandworm in support of Russian military actions in Easter

A spokesman for the United States said on 07 April 2022 that it had secretly removed malware from computer networks around the world in recent weeks, a step to pre-empt Russian cyberattacks and send a message to President Vladimir V. Putin of Russia.  The actions, made public by Attorney General Merrick B. Garland, come as U.S. officials warn that Russia could try to strike American critical infrastructure including financial firms, pipelines and the electric grid in response to the sanctions

Understandable fears of an unparalleled Russian cyberwar began to grow around the same time Russia began staging its military on its border with Ukraine.  Some people pictured a Russian digital assault not just on Ukraine but on all the West.  At least a few people thought the Kremlin might team up with ransomware gangs to punish those who defied the invasion.  Others were afraid that conflict between Putin’s hackers and Ukraine might spin out of control and spur a broader cyber melee around the

Since declaring cyberwar on Russia through the #OpRussia campaign, the hacktivist group Anonymous has been busy.  It has been three weeks since the Anonymous collective tweeted its declaration of war, and in that time the decentralized group has been a mainstay of news headlines.

Since Russia invaded Ukraine, the Anonymous Twitter account, @YourAnonNews, has gained close to 500,000 followers.  In the hybrid war format, where both acts of kinetic war and cyber war have been documented, many hack

A provocative piece from Vox explains the current state of the Russian cyber war.  After three weeks of fighting, Russia is beginning to deploy increasingly brutal tactics in Ukraine, including indiscriminate shelling of cities and “medieval” siege warfare.  Other elements of its military strategy, however, are conspicuously absent in cyberwarfare.  Russia has a history of employing cyberwarfare tactics, which some experts believed could feature prominently in its invasion of Ukraine.  The cyber

Activity Summary - Week Ending on 4 March 2022:

  • Red Sky Alliance identified 5,761 connections from new IP’s checking in with our Sinkholes
  • Malicious Keylogger data is back
  • Analysts identified 5,700 new IP addresses participating in various Botnets
  • Kraken Botnet
  • TA2541 Part II
  • Russian Hackers
  • Indian Port hit with Malware
  • Anonymous: Good or Bad Guys?
  • Popular Journalist Hacked
  • Bridgestone Americas
  • US Banks on High Alert

Link to full report: IR-22-063-001_weekly063.pdf

As news continues to break about the ongoing crisis in Western Europe, cyber security professionals have been busy making sense of the role that presumably planned cyber-attacks have played in the conflict between Russia and Ukraine.  A number of Russian cyber-attacks have served as a prelude to a physical invasion of Ukraine.  There is a lot of information from the past two months to unpack, and new events are continuing to be reported.

A quick review of the cyber events leading up to boots on t

The common definition of Guerrilla Warfare is a form of ‘irregular’ warfare in which small groups of combatants, such as paramilitary personnel, armed civilians, or irregulars, use military tactics including ambushes, sabotage, raids, petty warfare, hit-and-run tactics, and mobility, to fight a larger and less-mobile traditional military.  Now enter cyber guerrilla warfare.  A Ukrainian cyber guerrilla warfare group is in the process of launching digital sabotage attacks against critical Russian

A member of the Conti ransomware group, believed to be of Ukrainian origin, has leaked the gang’s internal chats after the group’s leaders posted an aggressive pro-Russian message on their official site on February 25th, in the aftermath of Russia’s invasion of Ukraine.  The message appears to have rubbed Conti’s Ukrainian members the wrong way, and one of them has hacked the gang’s internal Jabber/XMPP server.  Internal logs were leaked earlier today via an email sent to multiple journalists an

Several days ago, our friends at FortiGuard Labs shared a valuable checklist considering the current Ukrainian crisis.  We would like to share it with our readers and thank Fortinet.  With Russian military operations currently underway in Ukraine, the question of whether cyber warfare will also be employed remains unanswered.  While researchers have seen cases of destructive cyber actions focused on Ukraine, at this point specific attribution is not possible.

As a result of these actions, there

There is an English ballad, first published in the 1640s, titled The World Turned Upside Down.  Many believe the current international geo-political atmosphere fits this time-aged ballad.  The US has publicly accused Russia of being responsible for last week’s cyber-attacks targeting Ukraine’s defense ministry and major banks.  Now some experts believe Russia could escalate malicious cyber activity and conduct sophisticated cyber-attacks on the West too.  If this occurs, the attacks w

The European Central Bank is preparing banks for a possible Russian-sponsored cyber-attack as tensions with Ukraine mount and the region braces for the financial fallout of any conflict.  The stand-off between Russia and Ukraine has rattled Europe's political and business leaders, who fear an invasion that would inflict damage on the entire region.

Earlier this week, the French President flew to Moscow, then to Kyiv, Ukraine, in a bid to act as a mediator after Russia massed troops near Ukraine.[1]  N

Democratic lawmakers on the House Committee on Financial Services on 27 January 2022 outlined nine (9) provisions of the proposed America COMPETES Act of 2022, one of which has been criticized by the cryptocurrency community for potential privacy and due process concerns.

Committee Chairwoman Maxine Waters, D-Calif., says the America Creating Opportunities for Manufacturing Pre-Eminence in Technology and Economic Strength or COMPETES Act will "strengthen the competitiveness of the US economy and

The US government has urged organizations to shore up defenses "now" in response to website defacements and destructive malware targeting Ukraine government websites and IT systems this week.

The US Cybersecurity and Infrastructure Security Agency (CISA) has published a new 'CISA Insights' document aimed at all US organizations, not just critical infrastructure operators.  The checklist of actions is CISA's response to this week's cyberattacks on Ukraine's systems and websites, which the country

The US Federal Energy Regulatory Commission (FERC) announced on 20 January 2022 that it intends to strengthen its Critical Infrastructure Protection (CIP) Reliability Standards by requiring internal network security monitoring (INSM) for high- and medium-impact bulk electric system cyber systems.

The Notice of Proposed Rulemaking (NOPR) proposes to direct the North American Electric Reliability Corporation to develop and submit new or modified Reliability Standards to address a gap in the current standards.[1]

Activity Summary - Week Ending on 21 January 2022:

  • Red Sky Alliance identified 34,423 connections from new IP’s checking in with our Sinkholes
  • Microsoft IP hit again
  • Analysts identified 4,093 new IP addresses participating in various Botnets
  • SysJoker Backdoor
  • Konni Campaign
  • Take Down of VPNLab.net
  • Russia shuts down REvil, huh?
  • Brookings Blog on Russia
  • SilverTerrier sent to the Kennel
  • China and the Olympics
  • Update on Ukraine Hit

Link to full report: IR-22-021-001_weekly021.pdf

In 2010, Iran’s uranium enrichment centrifuges were attacked and rendered useless through a computer virus that became known as Stuxnet.  It was the first case in which a hacker attack, coordinated by nations (presumably the US and Israel), hit a large military target in the “real world.”  A worldwide race to create or acquire cyber weapons was then just taking shape.

Fast forward to last week (11 years later), Ukraine was hit by a massive cyber-attack that targeted government websites.  Posted

Activity Summary - Week Ending on 14 January 2022:

  • Red Sky Alliance identified 24,345 connections from new IP’s checking in with our Sinkholes
  • Microsoft IP’s in UK and N. Ireland hit
  • Analysts identified 1,435 new IP addresses participating in various Botnets
  • Rook Ransomware
  • More Log4j
  • Ukraine Cyber Bust
  • UK NHS
  • Who’s Winning?
  • Google Docs
  • The Electric Grid’s Hot Wires
  • BLM suing LAPD

Link to full report: IR-22-014-001_weekly014.pdf

The US and the UK have ‘quietly’ sent cyber warfare experts to Ukraine to help sabotage any cyber warfare threats like that in the 2015 Ukraine power grid hack, when Russian hackers remotely took over a power company’s control center.  It was the first publicly acknowledged international attack using digital weaponry that targeted the Ukrainian power grid, causing power outages across the country.  In the hopes of protecting Ukraine, as the US and allies speculate on the next move of Russia, bot

Activity Summary - Week Ending on 12 November 2021:

  • Red Sky Alliance identified 27,845 connections from new IP’s checking in with our Sinkholes
  • Analysts identified 3,224 new IP addresses participating in various Botnets
  • Sality remains the top Malware Variant at 24,282 Observations
  • Chaos Ransomware
  • Fake Ecommerce and Black Friday
  • Robinhood Hit (Again)
  • CISA 22-01
  • Ukraine & Gamaredon SSU Arrests
  • Pakistan and Russia
  • Cyber Attack US Federal Indictments
  • FIN7 still Kicking Around

Link to full repo